Cybersecurity Axioms

Given below is a complete listing of all Cybersecurity Axioms for SCF 1.0 (see below), which is to be used in conjunction with the associated Lexicon that defines all Cybersecurity terms, concepts and word definitions.


Science Of Cybersecurity Framework (SCF)

In order to establish a logically coherent statement of basic theory, and to enable orderly progression for the same; we hereby define the Science Of Cybersecurity Framework (SCF) Version 1.0. The following axioms (and associated terms) shall establish the Science Of Cybersecurity Framework (SCF)—Version 1.0.

We invite the community to submit corrections, new and useful terms, plus missing axioms etc; whereby all (major) changes will be attributed to the author.


Axiom Definitions

[Axiom 1] Datum: A datum of any idea or thing is a pattern of meaning, an abbreviated description, definition or set of ‘facts’ concerning the thing in question; typically prescribing an event, object, feeling, etc.; in token of, as a sign, symbol, or evidence of something.

[Axiom 2] Datum Expression/Source: Datums are typically expressed within the boundaries of a specific language, medium, media and/or code; and normally each datum has an inherent lifetime whereby it may be created, stored, communicated, replicated, lost and/or destroyed etc. Each datum has a human and/or machine creator/author, plus normally human owner(s) and user(s) (ref. social accessibility (or privacy) status).

[Axiom 3] Datum Types: Datums come in three kinds:

  • A private datum is accessible only by a restricted group of people—or a particular set of human beings; and is inaccessible to all other persons [Axiom 3.1].
  • A secret datum is accessible only by a single human being—typically the owner and often the author; and is inaccessible to all other persons [Axiom 3.2].
  • An open datum is (potentially) accessible by anyone— or by an unrestricted group of people [Axiom 3.3].

[Axiom 4] Communication System: A communication system is a system or facility for transferring datum(s)/patterns-of-meaning between persons and equipment. The system usually consists of a collection of individual communication networks, transmission systems, relay stations, tributary stations and terminal equipment capable of interconnection and interoperation so as to form an integrated whole.

[Axiom 5] SECURITY: Security for a person-to-person communication system—can be defined as protection of secrecy, privacy or openness of meaning; or the safe transfer of single/multiple datum(s) between human(s).

[Axiom 6] Social Accessibility (Privacy) Status: The ability of a person to see, know and/or change a datum’s form and/or content.

[Axiom 7] Protect = Lock, Block or Conceal an item.

[Axiom 8] Single-Copy-Send: Henceforth adjudging that a point-to-point communication is private and secure; is equivalent to saying that the original unit of meaning existing at the ‘source’ node has, as a result of the one-to-one replication, only one accessible copy— at the ‘receiver’ node. Furthermore this copy is—unequivocally—accessible only by the (trusted) human for whom the communication was intended (i.e. it is access-controlled). We call such a process single-copy-send—or socially secure communication.

[Axiom 8.1] Meta-Data: Whereby the process of communication may itself be private (no public meta-data exists); and there is no possibility of any nth-party obtaining a copy of the communicated datum.

[Axiom 9] Primary-Copy: A primary-copy is a place-holder for a private datum of meaning—existing within the boundaries of a point-to-point communication system; whose content and form are restricted in terms of social access (i.e. who can see, know & change the same); whereby the datum is (ideally) communicated via single-copy-send from the source-point to any (and all) designated receiver-point(s).

[Axiom 10] Secondary-Copy: A secondary-copy is a (communicated/backup) replication of a primary-copy—existing within (or outside) the boundaries of a point-to-point communication system—that may be legitimately produced by the communication process itself (e.g. a central server copy); and/or be illegitimately created as a result of the unwarranted activities of a hacker.

[Axiom 11] Tertiary-Copy: A tertiary-copy is a replication of a primary or secondary copy —which is generated post-communication by extracting datum(s) from a large body of communication data (e.g. a transatlantic data pipe).

[Axiom 12] Absolute Security Target: For a point-to-point communication instance—is the replication of a single instance (or primary-copy) of a private-datum from one socially restricted access-node to another [ref. Absolute Security:TARGET]. In other words, it is the single-copy-send of a datum from one party to another; whereby no—socially accessible— nth-party copies exist whatsoever (hopefully persistently—or on a long-term basis).

[Axiom 13] Partial/Absent Security: Likewise we can define partial/absent security as the existence of any unprotected—or nth-party accessible— primary/secondary/tertiary datum-copies.

[Axiom 14] Digital Media: Digital-media are electronic media used to store, transmit and receive digitised information; and may refer to any media that has been encoded in a machine-readable format. Digital-media—or simply media—can be created, viewed, distributed, modified and preserved on computers. For our purposes we have compartmentalised media into three types: storage, transfer and access.

[Axiom 15] Datum-Copy: A datum is a discrete pattern of meaning that may be transferred between minds (network access-nodes). A datum-copy is a particular instantiation of a datum’s pattern—that exists inside or (potentially) outside of a point-to-point communication system. A copy has two primary aspects: firstly form (the encapsulating format)—or media of storage, communication/delivery, and access; and secondly content (a representation with metrical, descriptive and selectional aspects).

[Axiom 16] Datum-Copy Ownership: A datum-copy has a natural owner—often the sender/creator of the datum.

[Axiom 17] Ownership Rights: Ownership rights include protection of social access (e.g. secrecy, privacy, openness) for the copy—in terms of who can see, know and/or change the content and/or form of the copy (ref. new owner(s)/user(s)).

[Axiom 18] Hacking: When we speak of—a datum-copy being hacked and/or a data-breach/system-exploit occurring—that is defined as unwarranted social access to the informational content of the datum (i.e. loss/change of privacy status).

[Axiom 19] Coherent Defence: Previously, for an act of private communication, we had assumed that a local access-node provided socially restricted access to primary-copies. However such a statement is predicated on the fact that each access-device affords an actor-coherent defence against any data-breaches—successfully.

[Axiom 20] Network Term And Hybrid Actors: Use of the term ‘network’—is problematic to say the least. This is because an access-device may be open to the data-processing activities of (any number of) inter-relating local-actors plus network-actors (i.e. human/automated ones etc). Ergo hybrid-actors are formed that may be partially/fully invisible, overly complex, and/or unknowable in some way—and which may be—as yet—only potentially present.

[Axiom 21] Datum’s Context Of Use: A datum’s content may have a purely informational meaning (be descriptive) and/or a purely logical meaning (be functional)—or possess a combination of both kinds of meaning—according to context of use. However, the process of point-to-point transfer of a datum is (normally) defined to be a transfer of information alone—and the datum (content) is immutable.

[Axiom 22] Datum Replication: Replication of a primary-copy (datum form + content) is transfer to a destination-point. It may be that a copy’s form (encapsulating media of storage, communication/delivery, and access etc) changes during replication—hence (datum) copies are mutable (form aspects).

[Axiom 23] Protection Methods: There are basically three ways to defend/protect an item in the real-world. For example, when protecting an entrance to a house (i.e. walled safe)—we can:

  1. Lock the entrance and armour reinforce it—or make it difficult to open/know;
  2. Block the entrance pathway—by preventing an attacker from reaching it—for example by placing objects in the entrance-way—or by eliminating it altogether;
  3. Conceal the entrance—and make it difficult to see/find.

Similarly for datum-copies/attack-surfaces—we can protect these in analogous way(s).

[Axiom 24] Coherency Predicates: We can identify two—enforced—coherency predicates for absolute security; namely: actor-unity (of purpose); and actor-integrity (of action); for safe hardware/software operations on each access-device.

[Axiom 25] Data-Processing Legitimacy: Similarly, unsafe-actor repellent/containment techniques can be used to preserve the legitimacy of data-processing operation(s) on the primary-network.

[Axiom 26] Attack-Surface Types: Attack-surfaces come in six basic kinds.

Firstly we have three related to the datum-copy’s form; or its encapsulating media of storage, transfer and access. Secondly we have three attack-surface types related to the datum-copy’s content; and these are the metrical, descriptive and selectional ones.

[Axiom 27] Actor: An actor (i.e. a program/human/process) existing on and/or influencing the data-processing stack that may be structurally—visible/invisible and/or known/unknown in terms of existence—but remain questionable/harmful in terms of purpose, value, action and/or integrity—and hence may (potentially) cause undetermined/detrimental/harmful effects and/or progress unknown or undesirable programming path(s); or else provide unauthorised access to private-datum(s) etc.

[Axiom 28] Datum-Copy Components: A datum-copy—encapsulated on a media device —has three components: two related to form: the physical representation, and the virtual representation, and one related to content: which is the meaning representation (with the aforementioned metrical, descriptive and selectional aspects).

[Axiom 29] Protective Measures/Types: Ergo, there are 5 possible attack-surface types for each of three possible media of storage, transfer and access— leading to a grand total of 15 attack-surface types. However each surface may be protected by 6 kinds of protection (entry-method(s) + defence-method(s)): or locking, blocking and concealment mechanism(s); hence we can have up to 90 fundamental kinds/types of protection for a single copy (or a private datum).

[Axiom 30] Local Actor: A local-actor is a data processing unit—existing on a local access-device—comprised of either hardware and/or software/human elements—which (potentially) acts on a datum-copy’s form and/or content within the primary-network’s data-processing stack.

[Axiom 31] Network-Actor: A network-actor is a data processing unit—existing on a remote networked-device—comprised of either hardware and/or software/human elements—which (potentially) acts on a datum-copy’s form and/or content within the primary-network’s data-processing stack.

[Axiom 32] Actor-Coherent Defence: An actor-coherent defence is when all of the actors, entities and processes—present in a primary-network’s data-processing stack—are impelled to act together in order to protect the private datum-copy’s form and/or content from unwarranted social access (hopefully for all places/times). N.B. An actor may originate—from either automated processes and/or human ones.

[Axiom 33] Access-Node: An access-node is a virtual access gateway (i.e. legitimate login-node/point-of-entry) for a primary/secondary/tertiary network; and is normally used (only) by an authorised party to gain entry to said network. An access-device is a physical access device that enables a human to gain entry to the same network (i.e. a personal computer).

[Axiom 34] Primary-Network: The primary-network is a provided point-to-point communication system; whereby a private access-node (the source-point) exists on a networked access-device; which stores a primary-copy of a private-datum; prior to the single-copy-send of the same to a socially restricted access-node (the destination-point). A primary-network may create legitimate secondary-copies of the primary-copy.

[Axiom 35] Secondary-Network: A secondary-network is a privileged-access network intimately connected to the primary-network’s communication pipeline; whereby copies of communicated private-datum(s) may exist on an nth-party organisational network and/or various local and/or central replication (backup) network(s). A secondary-network may contain legitimate replicated secondary-copies of primary-copies and/or other secondary-copies.

[Axiom 36] Tertiary-Network: A tertiary-network is not directly connected to the primary-network—but nevertheless may still (belatedly) access data traffic flowing across primary and/or secondary-networks—resulting in illegitimate tertiary-copies of primary/secondary-copies.

[Axiom 37] Metrical Attack-Surface: The so-called metrical attack-surface may be protected (for example) by means of encryption (entry locks + content concealment)—or obfuscation of symbolic structure—and so that only an actor with the correct unlocking algorithm(s)/key(s) can decode the underlying symbolic pattern.

[Axiom 38] Descriptive Attack-Surface: Once the metrical layer is decoded, we must match each symbol to its specific meaning—according to the common descriptive language employed—and this layer is named the descriptive attack-surface.

[Axiom 39] Selectional Attack-Surface: Notably the sender and receiver may be using an obscure coding language whereby the symbol-to-meaning relationship is protected (i.e. RED means BIG etc). Finally, modal context(s)—named selectional attack-surface(s)— may protect constructive aspect(s) of the representation.

[Axiom 40] Concealment: We have the target (item to be concealed); and the concealment method. Whereby there are two basic kinds of concealment structural targets: existence of the item, and content (or inner meaning).

[Axiom 41] Concealment Structure: Structure can be—CONCEALED—in 3 ways:

  1. Conceal form itself; or
  2. Conceal location (where); or
  3. Conceal location (when): item time-span, duration or persistence.

[Axiom 42] Concealment Methods: Whereby there are 3 basic processes: (for each method/way)

  1. Conceal by transformation of form/location; or
  2. Conceal by similarity (equivalency)—that is by hiding an item alongside a large number (of ostensibly identical) items; and
  3. Conceal by difference (complexity)—or hiding an item amongst a large number of greatly/potentially varying forms/structures.

[Axiom 43] Attack-Surface/Window: An attack-surface/attack-window is an exposed facet/system entry-point for a datum-copy, existing on a primary-network’s data-processing stack, and which (potentially) facilitates unwarranted social access to a private datum-copy’s content and/or form.

[Axiom 44] Attack-Vector: An attack-vector is a specific data-processing path, existing on a primary-network’s data-processing stack—which (potentially) provides unwarranted social access to a private datum-copy’s content and/or form.

[Axiom 45] Access-Gateway: An access-gateway consists of one or more access-nodes and/or exposed attack-surface(s)/window(s)—for a primary, secondary or tertiary copy.

[Axiom 46] Storage-Media: A storage-media is a bundle of hardware/software technologies that work together to form a memory system—and in order to persist a datum-copy’s form and content.

[Axiom 47] Transfer-Media: A transfer-media is a bundle of hardware/software technologies that work together to form a delivery system—and in order to send a datum-copy from a source-point to a destination-point.

[Axiom 48] Access-Media: An access-media is a hardware/software system that enables an actor to see, know and/or change a copy’s form and/or content (e.g. a data-access terminal).

[Axiom 49] Concealment Target: There are basically two kinds of concealment targets; you can either focus on concealing structure—or else encourage the observer to look elsewhere (still a form of concealment).

Whereby either the onlooker:

  1. Does not know where or when to look for an item (target location obfuscation); or secondly:
  2. Finds that looking does not reveal how to find the item (target form confusion); or finally:
  3. Is encouraged to look elsewhere than an item’s true location (observer misdirection —i.e. concentrate on directing the attention of the observer—using decoys and/or false targets—or hide messages in innocuous content etc).

[Axiom 50] For absolute security, we must protect:

  1. Physical-Gateway(s)—who can obtain a physical copy.
  2. Virtual-Gateway(s)—who can open a virtual copy.
  3. Meaning-Gateway(s)—who can decode datum(s).

To be successful, an intruder must first pass through the physical and virtual gateway(s); prior to deciphering the meaning of the inner datum(s)—or passing through any meaning-gateway(s) that happen to be present.

[Axiom 51] Locking Mechanisms: Just for clarification—herein whenever we speak of a locking mechanism for a datum-copy (existing on a specific media of storage, transfer and access)—what we are saying is that the lock prevents the knowing/opening action (i.e. for datum access)—by some protected entry-method plus defence-method(s) (i.e. password entry-system (lock) plus content concealment of symbolic structure) [Axiom 51.1]. Alternatively, existence concealment prevents an unsafe-actor from seeing/finding a copy by means of an entry-method that is itself secret/hidden (i.e. unusual descriptive coding) and/or secret/hidden defence-method(s) (e.g. possibly identical to entry-method) [Axiom 51.2]. Likewise for blocking actions (ref. reaching) [Axiom 51.2]. Obviously there is overlap (and nesting) between the concepts of lock, block and conceal—but it is often useful to open-up protection—as a concept—into such facets.

[Axiom 52] Cryptographic Principles: Ergo, we abide by one (or more) of the following

CRYPTOGRAPHIC PRINCIPLES:

  • Principle A – Virtual Message Tamper-proofing: The digital signature verification and encryption must be applied to the cipher-text—when it is created—typically on the same primary-network used to compose the message—to avoid tampering (adequate locking—guarantees message integrity).
  • Principle B – Physical Message Tamper-proofing: Encrypting at the time of creation is only secure if the encryption device itself has not been tampered with (i.e. closed/blocked physical gateway(s) or device-integrity).
  • Principle C – Employ Secret Keys: Obey Dr Claude Shannon’s maxim (i.e. Kerckhoffs’ principle); and assume that: ‘the enemy knows the system’. Avoid relying on security through obscurity and/or security through minority—in terms of not assuming that the secrecy/uncommonness of system design provides unimpeachable protection (adequate concealment + locking).
  • Principle D – Pattern Obfuscation: Special encryption/coding/scrambling methods must be employed to prevent spies from deducing information from patterns present in the copy.
  • Principle E – Access-node/Key/ID Security: Adequate access control methods must be employed to protect unwarranted access to any and all access-nodes, access-devices, keys, user IDs etc (adequate blocking + key concealment).
  • Principle F – Viruses, Trojan-Horses: Methods to eradicate Viruses and to prohibit Trojans misrepresenting as safe-actors—hence preventing unsafe-actors from gaining unwarranted access to copies/actors on the data-processing stack (adequate blocking).
  • Principle G – Environmental Spying: Methods to prevent spying on the primary-network through leaking emanations, including radio or electrical signals and vibration(s) etc.

[Axiom 53] Protection By Diversity: Protection by Diversity is a fundamental principle for attaining secrecy/privacy; whereby we first block/bar entry to a private item by some defensive means or protective barrier. Next we build a window/door into the barrier that may be opened (i.e. know/open action)—but only by means of a fully/partially secret entry-method. The entry-method typically includes a mathematical/text value and/or locking key (i.e. a secret password) with a specific form known/available only to authorised parties—and that is difficult to attain/guess; whereby it is diversity (potential to have many different values) that protects the key from discovery/use by an attacker.

[Axiom 54] Coding Types: Descriptive coding refers to the process of assigning a pattern of symbols to the specific meaning of the conveyed message (communicated datum(s)). Selective coding refers to the process of protecting constructive aspects of the symbolic and/or descriptive components of the message by means of private modal context(s).

[Axiom 55] Coding Principles: Ergo—for socially secure communication—we abide by—as many as possible of—the following message/datum CODING PRINCIPLES:

CODING PRINCIPLES

  1. Employ effective symbolic encryption; including multi-layer encryption with new keys generated for each communication instance (i.e. use perfect-forward-secrecy).
  2. Employ obscure descriptive coding methods (i.e. one-time-pad(s) or perfect-secrecy).
  3. Employ variable selectional coding methods (i.e. multiple code-books in a single message); with constantly changing constructive pattern(s) for each message. (i.e. one-time-pad(s) or perfect-secrecy).
  4. Employ safe pattern constructs. Avoid sending identical (coded) natural-language constructs repetitively; pad the pattern(s) with NULLS or hide them; use varying constructive code(s).
  5. Rely on the Beholder’s Share—employ covert and obscure methods for interpretation of meaning.
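The cryptographic principles of Axiom 52 (A: bind integrity protection to the cipher-text at creation; C: assume the enemy knows the system, keep only the keys secret; D: obfuscate patterns) and coding principles 1, 2 and 4 of Axiom 55 (fresh keys per communication instance, one-time-pad style perfect secrecy, NULL padding so repeated constructs do not show) can be seen together in one small sender/receiver routine. The following is an added example written for this page; it is not the SCF's or the author's code. The block length, field layout and function names are the example's own assumptions, and the routine uses only the Python standard library (hmac, hashlib, secrets).

```python
"""One-time-pad send with fresh keys per message, fixed-length NULL padding
and an HMAC tag bound to the cipher-text at creation.

Added illustration of SCF Axioms 52 and 55; not the framework's own code.
BLOCK_LEN, the 2-byte length field and all function names are assumptions
made for this example."""
import hashlib
import hmac
import secrets
from typing import NamedTuple

BLOCK_LEN = 64                 # every sealed message is exactly this long on the wire
LEN_FIELD = 2                  # bytes reserved for the true plaintext length
MAX_MSG = BLOCK_LEN - LEN_FIELD


class MessageKeys(NamedTuple):
    pad: bytes                 # BLOCK_LEN random bytes, used for exactly one message
    mac_key: bytes             # 32 random bytes, also fresh for each message


class SealedMessage(NamedTuple):
    ciphertext: bytes          # padded plaintext XOR pad, always BLOCK_LEN bytes
    tag: bytes                 # HMAC-SHA256 over the ciphertext (Principle A)


def fresh_keys() -> MessageKeys:
    """Coding principle 1: new keying material for every communication instance.
    The algorithm is public (Principle C); only these bytes are secret."""
    return MessageKeys(secrets.token_bytes(BLOCK_LEN), secrets.token_bytes(32))


def pad_to_block(msg: bytes) -> bytes:
    """Coding principle 4: length prefix + message + NULL fill, so a short
    greeting and a long report produce blocks of identical size."""
    if len(msg) > MAX_MSG:
        raise ValueError("message too long for one block")
    return len(msg).to_bytes(LEN_FIELD, "big") + msg + b"\x00" * (MAX_MSG - len(msg))


def unpad_block(block: bytes) -> bytes:
    """Recover the original message from a padded block."""
    n = int.from_bytes(block[:LEN_FIELD], "big")
    return block[LEN_FIELD:LEN_FIELD + n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(msg: bytes, keys: MessageKeys) -> SealedMessage:
    """Sender side. The pad gives perfect secrecy for this one message (coding
    principle 2) and hides repetition (Principle D): the same plaintext sealed
    under different keys yields unrelated ciphertext. The tag is computed over
    the ciphertext at the moment it is created (Principle A)."""
    ct = xor_bytes(pad_to_block(msg), keys.pad)
    tag = hmac.new(keys.mac_key, ct, hashlib.sha256).digest()
    return SealedMessage(ct, tag)


def open_sealed(sealed: SealedMessage, keys: MessageKeys) -> bytes:
    """Receiver side. Verify the tag before touching the plaintext; a mismatch
    means an nth-party altered the copy in transit (or the wrong keys)."""
    expected = hmac.new(keys.mac_key, sealed.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed.tag):
        raise ValueError("tag mismatch: cipher-text tampered with or wrong key")
    return unpad_block(xor_bytes(sealed.ciphertext, keys.pad))


def tampered(sealed: SealedMessage, index: int) -> SealedMessage:
    """Model a one-bit modification of the cipher-text by a third party,
    used to show that the tag check rejects it."""
    ct = bytearray(sealed.ciphertext)
    ct[index] ^= 0x01
    return SealedMessage(bytes(ct), sealed.tag)


if __name__ == "__main__":
    keys = fresh_keys()                       # constructed sample: one exchange
    sealed = seal(b"RED means BIG", keys)     # the page's own example phrase
    print("wire length:", len(sealed.ciphertext))
    print("recovered  :", open_sealed(sealed, keys))
    try:
        open_sealed(tampered(sealed, 3), keys)
    except ValueError as e:
        print("rejected   :", e)
```

The point to notice is which principle each line carries: the secrecy comes entirely from the 64 random pad bytes, which must never be reused for a second message, while the tag is what turns "the enemy cannot read it" into "the enemy cannot change it without detection". Padding every message to the same block length removes the length pattern that an observer on a secondary or tertiary network would otherwise see.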

[Axiom 56] Evasion Attacks: In network security, evasion is bypassing network security in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.

[Axiom 57] Stealth Defences: A nice antipodal proposition—and remedy for—an evasive attack—is a stealth defence. Whereby all physical and virtual system gateways are rendered invisible and/or out-of-reach of the data-processing actions of any harmful attackers.

[Axiom 58] Gateway Protection: A good rule-of-thumb for achieving—socially secure communication—is that it is always easier (and more effective) to eliminate/conceal a system gateway than to protect access to the same gateway.

[Axiom 59] Stealth Techniques: Effective—STEALTH TECHNIQUES—include (for defence):

STEALTH TECHNIQUES

  • BLOCK – Move access-node(s)—plus related data-set(s)—including user data (i.e. user owned IDs/keys)—to a private (possibly portable) access-device; closing physical/virtual gateway(s).
  • RESTRICT – Employ an invitation-only-network + cypher-matching—whereby unsafe parties are blocked (i.e. use a private network).
  • DECEPTION – Use false/null data-traffic, decoys, honey-pots, spoofed access-device IP/MAC addresses (hide source + destination IDs/point(s)); hide message(s) in innocuous content; closing invalid gateway(s).
  • SECRECY – Use a secret/scrambled/coded protocol (key-protected); secret routers/gateways—to close/protect all datum physical/virtual-gateway(s).
  • CURTAIL – Eliminate all legitimate and illegitimate secondary copies (e.g. use a Peer-to-Peer (P2P) network); closing physical + virtual gateway(s).
  • DEFEND – Protect the communication channel (e.g. use distributed transport and/or concealed packet(s)).
  • CONCEAL – Conceal the method(s) of coding within a large range of possible method(s) + vary/overlap method(s); that is protect meaning gateway(s) (i.e. exploit the beholder’s share).
  • LOCALISE – Localise Identity and Access Management System(s). Do not trust private items to nth-parties.
  • CONFUSE – Employ nested protective layers (ref. physical/virtual gateways).

[Axiom 60] Gateway Protection: In a nutshell, we wish to reduce gateway: exposure (limit existence in place/time), number(s), visibility and fragility—eliminating/nullifying attack-vectors.

[Axiom 61] Gateway Architecture: As previously defined, an access-gateway consists of one or more access-nodes and/or (potentially) exposed attack-surfaces for a primary, secondary or tertiary copy. Earlier in Chapter 5 we characterised three different types of access-gateway for datum-copies existing on a point-to-point communication system. Firstly, we have physical-gateway(s)—which determine who may obtain a physical copy; next we have virtual-gateway(s)—which determine who can open a virtual/formatted copy; and finally we have meaning-gateway(s) that determine who can decode a copy. To be successful an intruder must (typically) pass through several (nested) physical and virtual gateway(s); before decoding all meaning gateway(s)—and in order to uncover the communicated datum(s). Ergo gateway defence-method(s) and/or entry-barriers—typically provide a hierarchy of defensive ‘high-walls’—much like a castle (defence-in-depth).

[Axiom 62] Absolute Security (Target and Methods): In summary, attaining absolute security for our digital communication(s)—is a difficult-to-reach—but not impossible goal. Just like the magician, rather than performing any real magic tricks (achieving unbreakable encryption/coding)—we misdirect.

Accordingly, we seek to:

  1. Lock/block/conceal system gateway(s);
  2. Conceal the method(s) of entry/defence (variable aspects) within a large range of (potential) methods;
  3. Employ depth-defences to confuse/slow-down an attacker.

In this manner (A+B+C) [named as Axiom 62], we safeguard attack-surface entry-methods.


END OF LISTING OF SCF VERSION 1.0 – CYBERSECURITY AXIOMS


REFERENCES

[1] http://www.scienceofcybersecurity.com [2017]

[2] Absolute Security – Theory And Principles Of Socially Secure Communication, [2015] – Radley Books, Alan Radley.

[3] The Absolute Security Bulletins – 10 leaflets – (2015) – LinkedIn.

[4] The Science Of Cybersecurity – Theory And Principles Of Socially Secure Communication, [2017] – Radley Books, Alan Radley.

[5] Natural Thoughts, Freedom and Atomic Networks: Keynote address and paper at the Third International Conference for Information Architecture, Security and Cloud Intelligent Technology held in Sanremo, September, 2014, Italy.

[6] The Science Of Cybersecurity – LinkedIn Group (2017).


Contributors

As and when readers supply amendments and corrections to the information on this page, these will be listed here.

Please feel free to send in your amendments.